P
US10979445B2ActiveUtilityPatentIndex 62

Security management of devices using blockchain technology

Assignee: AT & T IP I LPPriority: Jul 9, 2018Filed: Jul 9, 2018Granted: Apr 13, 2021
Est. expiryJul 9, 2038(~12 yrs left)· nominal 20-yr term from priority
Inventors:GIURA PAUL
G06F 8/65H04L 63/20H04L 63/1433
62
PatentIndex Score
1
Cited by
16
References
15
Claims

Abstract

Concepts and technologies disclosed herein are directed to security management of devices using blockchain technology. According to one aspect disclosed herein, a smart contract for a device can be created. The smart contract can identify a plurality of parties including a device customer, a device manufacturer, and a vulnerability assessor. The smart contract can include an expected action to be performed by the device manufacturer responsive to a trigger event. In response to the trigger event being detected, the smart contract can be executed to cause the expected action to be performed by the device manufacturer.

Claims

exact text as granted — not AI-modified
The invention claimed is: 
     
       1. A method comprising:
 creating, for execution on a blockchain, a smart contract for a device, wherein the smart contract identifies a plurality of parties comprising a device customer, a device manufacturer, and a vulnerability assessor; 
 encoding, in the smart contract, that the device customer is obligated to register the device with the device manufacturer; 
 encoding, in the smart contract, that the vulnerability assessor is obligated to report a discovery of a security vulnerability to the device customer and the device manufacturer; 
 encoding, in the smart contract, a remediation action to be performed by the device manufacturer responsive to the discovery of the security vulnerability; 
 encoding, in the smart contract, that if the device manufacturer does not perform the remediation action responsive to the discovery of the security vulnerability within a specified time period, the device manufacturer is obligated to provide the device customer with a form of compensation; and 
 encoding, in the smart contract, that when the device reaches an agreed upon end-of-life, then the device manufacturer will no longer be obligated to perform the remediation action; and 
 executing the smart contract, wherein executing the smart contract comprises
 registering, by the device manufacturer, the device responsive to a request from the customer, 
 reporting, by the vulnerability assessor, the discovery of the security vulnerability to the device customer and the device manufacturer, and 
 performing, by the device manufacturer, the remediation action responsive to the discovery of the security vulnerability. 
 
 
     
     
       2. The method of  claim 1 , wherein the security vulnerability involves a software application of the device. 
     
     
       3. The method of  claim 1 , wherein the security vulnerability involves an operating system of the device. 
     
     
       4. The method of  claim 1 , wherein the security vulnerability involves a firmware of the device. 
     
     
       5. The method of  claim 1 , wherein the remediation action comprises the device manufacturer providing, to the device, an update that addresses the security vulnerability; and wherein the update comprises a software application update, an operating system update, a firmware update, or a hardware update. 
     
     
       6. A computer-readable storage medium comprising computer-executable instructions that, when executed by a processor of a computing system involved in a blockchain, cause the processor to perform operations comprising:
 creating, for execution on the blockchain, a smart contract for a device, wherein the smart contract identifies a plurality of parties comprising a device customer, a device manufacturer, and a vulnerability assessor; 
 encoding, in the smart contract, that the device customer is obligated to register the device with the device manufacturer; 
 encoding, in the smart contract, that the vulnerability assessor is obligated to report a discovery of a security vulnerability to the device customer and the device manufacturer; 
 encoding, in the smart contract, a remediation action to be performed by the device manufacturer responsive to the discovery of the security vulnerability; 
 encoding, in the smart contract, that if the device manufacturer does not perform the remediation action responsive to the discovery of the security vulnerability within a specified time period, the device manufacturer is obligated to provide the device customer with a form of compensation; and 
 encoding, in the smart contract, that when the device reaches an agreed upon end-of-life, then the device manufacturer will no longer be obligated to perform the remediation action; and 
 executing the smart contract, wherein executing the smart contract comprises
 registering, by the device manufacturer, the device responsive to a request from the customer, 
 reporting, by the vulnerability assessor, the discovery of the security vulnerability to the device customer and the device manufacturer, and 
 performing, by the device manufacturer, the remediation action responsive to the discovery of the security vulnerability. 
 
 
     
     
       7. The computer-readable storage medium of  claim 6 , wherein the security vulnerability involves a software application of the device. 
     
     
       8. The computer-readable storage medium of  claim 6 , wherein the security vulnerability involves an operating system of the device. 
     
     
       9. The computer-readable storage medium of  claim 6 , wherein the security vulnerability involves a firmware of the device. 
     
     
       10. The computer-readable storage medium of  claim 6 , wherein the remediation action comprises the device manufacturer providing, to the device, an update that addresses the security vulnerability; and wherein the update for the device comprises a software application update, an operating system update, a firmware update, or a hardware update. 
     
     
       11. A computing system comprising:
 a processor; and 
 memory comprising computer-executable instructions that, when executed by the processor, cause the processor to perform operations comprising
 creating, for execution on a blockchain, a smart contract for a device, wherein the smart contract identifies a plurality of parties comprising a device customer, a device manufacturer, and a vulnerability assessor, 
 encoding, in the smart contract, that the device customer is obligated to register the device with the device manufacturer, 
 encoding, in the smart contract, that the vulnerability assessor is obligated to report a discovery of a security vulnerability to the device customer and the device manufacturer, 
 encoding, in the smart contract, a remediation action to be performed by the device manufacturer responsive to the discovery of the security vulnerability, 
 encoding, in the smart contract, that if the device manufacturer does not perform the remediation action responsive to the discovery of the security vulnerability within a specified time period, the device manufacturer is obligated to provide the device customer with a form of compensation, and 
 encoding, in the smart contract, that when the device reaches an agreed upon end-of-life, then the device manufacturer will no longer be obligated to perform the remediation action; and 
 executing the smart contract, wherein executing the smart contract comprises
 registering, by the device manufacturer, the device responsive to a request from the customer, 
 reporting, by the vulnerability assessor, the discovery of the security vulnerability to the device customer and the device manufacturer, and 
 performing, by the device manufacturer, the remediation action responsive to the discovery of the security vulnerability. 
 
 
 
     
     
       12. The computing system of  claim 11 , wherein the security vulnerability involves a software application of the device. 
     
     
       13. The computing system of  claim 11 , wherein the security vulnerability involves an operating system of the device. 
     
     
       14. The computing system of  claim 11 , wherein the security vulnerability involves a firmware of the device. 
     
     
       15. The computing system of  claim 11 , wherein the remediation action comprises the device manufacturer providing, to the device, an update that address the security vulnerability; and wherein the update for the device comprises a software application update, an operating system update, a firmware update, or a hardware update.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.